QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

CVE-2025-66280

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

QNAP Systems QTS和QNAP Systems QuTS hero 代码问题漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...

QNAP Systems File Station 6 安全漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a security vulnerability in QNAP Systems File Station 6, which stems from unlimited resource allocation or throttling. This vulnerability could allow remote attackers to...

QNAP Systems QTS和QNAP Systems QuTS hero 路径遍历漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have path traversal vulnerabilities, which allow remote attackers to access unexpected files or system data after...

QNAP Systems QTS和QNAP Systems QuTS hero 代码问题漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There are code-related vulnerabilities in QNAP Systems QTS and QNAP Systems QuTS hero, which stem from null pointer...

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory after obtaining...

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...

QNAP Systems多款产品 安全漏洞

QNAP Systems QuTScloud is a product of QNAP Systems. It is a cloud-optimized version of the QNAP NAS operating system. QNAP Systems QTS is software with data storage and management capabilities. QNAP Systems QuTS Hero is also software with data storage and management capabilities. Several product...

QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability arises from command injections, whic...

QNAP Systems QTS和QNAP Systems QuTS hero 跨站脚本漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to bypass security...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in a Command (CVE-2024-14026)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

QNAP Systems Media Streaming Add-On 安全漏洞

QNAP Systems Media Streaming Add-On is an extension component developed by QNAP Systems, a company from Taiwan, China, that provides media streaming services and content distribution capabilities for network storage devices. The QNAP Systems Media Streaming Add-On has a security vulnerability,...

QNAP Systems QVR Pro 访问控制错误漏洞

QNAP Systems QVR Pro is a network video monitoring platform developed by QNAP Systems, Inc. in Taiwan, China. Versions of QNAP Systems QVR Pro prior to 2.7.4.14 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for critical functions, allowing...

QNAP Systems QuFTP Service 跨站脚本漏洞

QNAP Systems QuFTP Service is a service component provided by QNAP Systems, a company based in Taiwan, China. It offers File Transfer Protocol services and remote file access management capabilities. The QNAP Systems QuFTP Service has a cross-site scripting vulnerability. This vulnerability stems...

CVE-2025-66277

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

QNAP Systems Media Streaming add-on 操作系统命令注入漏洞

The QNAP Systems Media Streaming add-on is a multimedia enhancement plugin developed by QNAP Systems, a company from Taiwan, China. The QNAP Systems Media Streaming add-on has a vulnerability related to operating system command injection. This vulnerability stems from command injections, which ma...

QNAP Systems File Station 5 路径遍历漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.0.0.4 had a path traversal vulnerability. This vulnerability allows for the execution of arbitrary commands, potentially leading ...

QNAP Systems QTS和QNAP Systems QuTS hero 代码问题漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There were code-related vulnerabilities in versions of QNAP Systems QTS 5.2.8.3332 build 20251128 and QNAP Systems QuTS Hero...

QNAP Systems QuTS hero 安全漏洞

QNAP Systems QuTS hero is an operating system developed by QNAP Systems. Versions prior to h5.3.2.3354 of QNAP Systems QuTS hero contained a security vulnerability caused by a buffer overflow. This vulnerability could allow remote attackers to modify memory or cause processes to crash...